Arbitrary Command Execution in Emacs 21.2.1 via Local Variables

Arbitrary Command Execution in Emacs 21.2.1 via Local Variables

CVE-2003-1232 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

Learn more about our User Device Pen Test.